.cta-button {
  background-color: #007bff;
  color: white;
  padding: 10px 20px;
  text-align: center;
  display: inline-block;
  border-radius: 5px;
  text-decoration: none;
}


.activate-button {
  display: inline-flex;
  align-items: center;
  justify-content: center;
  position: relative;
  box-sizing: border-box;
  outline: 0px;
  border: 0px;
  margin: 0px;
  cursor: pointer;
  text-transform: unset;
  border-radius: 4px;
  font-family: bold-font;
  font-weight: 500;
  font-size: 0.875rem;
  height: 40px;
  min-width: 64px;
  padding: 6px 16px;
  transition: background-color 250ms cubic-bezier(0.4, 0, 0.2, 1) 0ms,
    box-shadow 250ms cubic-bezier(0.4, 0, 0.2, 1) 0ms,
    border-color 250ms cubic-bezier(0.4, 0, 0.2, 1) 0ms,
    color 250ms cubic-bezier(0.4, 0, 0.2, 1) 0ms;
  color: rgb(255, 255, 255);
  background-color: rgb(48, 98, 212);
  box-shadow: rgba(0, 0, 0, 0.2) 0px 3px 1px -2px,
    rgba(0, 0, 0, 0.14) 0px 2px 2px 0px, rgba(0, 0, 0, 0.12) 0px 1px 5px 0px;
}


.activate-button {
  display: inline-block;
  padding: 10px 20px;
  font-size: 14px;
  font-weight: 400;
  color: #ffffff;
  border-radius: 4px;
  text-decoration: none;
  text-align: center;
  transition: all 0.3s ease;
  cursor: pointer;
  background: #113997;
}

.activate-button p {
  margin: 0;
}

.activate-button:hover,
.activate-button:focus {
  background-color: #113997e1; /* A darker shade of WordPress blue for hover */
  color: #ffffff;
  text-decoration: none;
  cursor: pointer;
}

.activate-button:active {
  background-color: #0a3495; /* Even darker for the active state */
  box-shadow: inset 0 3px 5px rgba(0, 0, 0, 0.125);
}


This API is used to validate a user session by exchanging the `sessionToken` obtained from the otpless after successful authentication. This server-to-server call requires the `clientId` and `clientSecret`.

Validate User Session

Payload containing the `sessionToken` received from otpless authentication and client credentials for verification.

clientIdHeader & clientSecretHeader

The user's information was successfully retrieved.

OTPLESS

slack

calendar-days

OTPLESS provides a modern approach to authentication and access management, designed for developers who prioritize both security and user experience. Our platform simplifies integration and enhances user interaction, allowing you to transcend traditional authentication with ease.

Introduction

Welcome to OTPLESS

Before you begin integrating OTPLESS into your application, complete the following initial steps to set up your environment.

Prerequisites

Get started with integrating OTPLESS by choosing the right tools for your project. Select from our range of Plugins, SDKs, and APIs to match your development needs.

Quick Start

Easily enhance your WordPress site with the OTPLESS plugin, enabling a variety of user-friendly login methods with just a few clicks. From social logins to mobile authentication, OTPLESS ensures top-notch security, simplifying user access while maintaining high protection standards.

WordPress

Seamlessly integrate OTPLESS into your Shopify store to enhance customer experience with secure, one-tap authentication solutions. From social logins to streamlined checkout processes, OTPLESS provides a robust platform that improves both security and usability, helping you increase conversion rates and build customer trust.

Shopify

Integrate OTPLESS to provide seamless, secure authentication solutions on your Magento store. Enhance user experience with simplified login processes and robust security features designed specifically for eCommerce platforms.

Magento Integration

Seamlessly integrate OTPLESS into your Webflow projects to enhance user authentication with advanced security features. This guide will help you install and activate the OTPLESS plugin, enabling you to implement a variety of authentication methods effortlessly.

Webflow

The OTPLESS API provides a secure, efficient, and seamless way to authenticate users without the need for traditional passwords and OTPs.

This section provides a comprehensive overview of potential error codes returned by the OTPLESS API, their meanings, possible causes, and suggested corrective actions.

Error Codes

Fetches the current user session by exchanging the `sessionToken` obtained from the otpless after successful authentication. This server-to-server call requires the `clientId` and `clientSecret`.

Get Session Details

Fetches a new `sessionToken` using the `refreshToken` provided by OTPLESS. The `sessionToken` is a short lived token that must be replaced by a new token when the current token expires. `refreshToken` has a longer expiry and is used to create a new `sessionToken` till the `refreshToken` is valid. This server-to-server call requires the `clientId` and `clientSecret`.

Get New Session Token

Revokes user session by exchanging the `sessionToken` obtained from the otpless after successful authentication. This server-to-server call requires the `clientId` and `clientSecret`.

Revoke User Session

Validates user details by exchanging the token obtained from the otplessUser object for the user's information. This server-to-server call requires authentication using the client ID and secret. Also the secureInfo details will only be included when the Secure SDK is integrated as part of the authentication implementation.

Verify token

Validates user details by exchanging the token obtained from the otplessUser object for the user's information. This server-to-server call requires authentication using the client ID and secret.

Verify token (Legacy)

Activating the Pro Plan on OTPless is a straightforward process. Follow these steps to get started:

Activate Pro Plan

How to Activate Pro Plan

A Redirect URI is a critical component in the authentication process, acting as the endpoint to which users are directed after authentication. In mobile apps, these often take the form of deep links, which bring users back to the app from a web-based authentication flow.

What's Redirect URI?

Webhooks are a powerful mechanism for receiving real-time notifications about events occurring within the OTPLESS system. By integrating webhooks into your application, you can gain valuable insights into user authentication activities and delivery reports, enabling efficient tracking and reporting.

Webhook Guide

Webhooks are a powerful mechanism for receiving real-time notifications about events occurring within the OTPLESS system. By integrating webhooks into your application, you can gain valuable insights into user authentication activities and system health, enabling efficient tracking and reporting.

Webhook Guide (Legacy)

The **OTPLESS AutoRead SDK** simplifies the process of automatically reading OTPs from **SMS, WhatsApp ZeroTap or WhatsApp OneTap**, enhancing the user experience in your Android applications.

OTP Auto Read

Auto Read SDK

Enhance user experience with Auto Read functionality for WhatsApp and SMS on Android Apps, providing a seamless and zero-tap OTP auth.

Auto Read OTP in OTPless Auth SDK

Learn how the id_token can simplify and secure user authentication in your applications.

id_token (JWT)

This documentation outlines the flexible and customizable sign-up and sign-in configurations available in OTPLESS, including passwordless authentication methods, social logins, and multi-factor authentication (MFA) options, designed to enhance security and user experience. It provides detailed guidance on configuring these settings through the OTPLESS dashboard and upcoming features like password-based authentication and resetting MFA.

Authentication configuration

Signup and Signin configuration

Smart Auth is a multi-layered solution that maximizes user conversion rates and ensures robust security using a waterfall model. It transitions seamlessly through various methods to provide a smooth, secure user experience.

Smart Auth

Authentication via Whatsapp utilizes the WhatsApp platform to verify and identify user identity, leveraging it as a means of verification.

Authentication via WhatsApp

Authentication via Whatsapp

Community

Schedule a Call

Home

Frontend SDKs

API Reference

Resources

Sign in

Contact Support

Silent Network Authentication (SNA) leverages the built-in cryptographic capabilities of a user’s SIM card to verify their identity without any manual input beyond initiating the flow. By directly integrating with mobile network operators, SNA provides an authentication experience that’s both secure and frictionless—delivering a win-win for end users and businesses alike.

Silent Network Auth 101

Silent Network Authentication (SNA)

An in-depth look at passkeys, their operation, benefits, and implementation with OTPless.

Passkey 101

Understanding Passkeys and How They Work

This document provides a comprehensive overview of how **OTPless Passkey** integrates with your app/website to offer secure, passwordless biometric authentication for end users. The integration is based on the **FIDO 2.0** framework, leveraging the security and convenience of **passkeys**. The focus is on the technical flow within the **OTPless SDK**, key entities like the **Relying Party (RP)**, **Authenticator**, and **Client**, and how passkeys enable strong authentication. Additionally, it details the backend checks OTPless performs to verify the authenticator's response during both registration and login.

Integration Overview

This document is designed to assist merchants in integrating the OTPless Passkey API to create user identities and initiate Passkey-based login through the OTPless SDK. Passkey provides secure, device-based authentication for end users, enhancing both security and user experience.

Integration with API

OTPless Passkey API Integration Guide

Learn how to enable passkey reuse across multiple domains, subdomains, and applications with Related Origin and Subdomain Requests.

Related Domains and Subdomains

Allow Passkey Reuse Across Your Sites with Related Origin and Subdomain Requests

Session Management in OTPLESS allows developers to control user session durations, manage inactivity timeouts, validate session tokens, and revoke sessions in real-time for enhanced security and user experience.

Session Management 101

Session Management

Learn how to manage OTPless user sessions effectively using session tokens for secure and seamless authentication.

How to use Sessions

How to use OTPless Session Management

Below are examples of ways to use session management.

Session Management Examples

Integrating Session Management

Integrating Session Management in your application

Learn how to decode and understand the claims in a session JWT token generated by OTPless.

JWT Token Claims

Understanding Claims in Session JWT Token

In a stateless HTTP world, maintaining authentication state between requests is crucial to providing a seamless user experience. While asking users to re-authenticate on every request is not practical, developers have two popular options to maintain authentication state: **Session Cookies** and **JSON Web Tokens (JWTs)**. Both approaches have distinct pros and cons, making it important to evaluate them in the context of your application’s requirements.

Session tokens vs JWTs

OTPLESS Smart Signals provide actionable device intelligence to help fight fraud. This documentation covers the overview, setup, and individual Smart Signal components for both web and mobile platforms.

Secure SDK Signals

OTPless Secure SDK offers enhanced protection by providing detailed device information, security and trust signals, activity behavior analysis, and fraud detection. This comprehensive approach ensures robust user authentication and security.

Secure SDK

This endpoint initiates an OTP to be sent to the specified phone number using the provided channels.


Send OTP (Phone)

This endpoint initiates an OTP to be sent to the specified email.


Send OTP (Email)

This endpoint verifies the OTP sent to the user for authentication.

Verify OTP

This endpoint initiates a Magic Link to be sent to the specified phone number using the provided channels.


Send Magic link (Phone)

This endpoint initiates a Magic Link to be sent to the specified email address using the provided channels.
It enables a smart authentication flow if multiple channels are specified in the request.


Send Magic link (Email)

This endpoint validates the code received via a Magic link / OAuth request to complete user authentication.


Verify Code

This endpoint initiates an OTP link to be sent to the specified phone number using the provided channels.


Send OTP Link (Phone)

This endpoint initiates an OTP link to be sent to the specified email or phone number using the provided channels.


Send OTP Link (Email)

This endpoint initiates an WhatsApp OAuth authentication flow using the specified channel.


OAuth Authentication

This endpoint initiates a Phone Call Approval request to the specified phone number.


Phone Call Approval

This endpoint retrieves the status of an ongoing authentication request using the provided request ID.


Request Status

Sends messages across different channels like WhatsApp, SMS, or Email based on the provided parameters.

Send Message

Explore the OTPLESS JavaScript SDK to seamlessly integrate various authentication methods into your applications. This SDK allows you to leverage pre-built UI components or create your own custom interfaces.

Leverage our Pre-Built UI for rapid integration and customization of authentication flows in your application. This setup allows you to adjust appearance and functionality through the OTPLESS dashboard with minimal coding.

Pre-Built UI

Utilize our Headless SDK for ultimate flexibility. Craft your own tailored UI and seamlessly integrate OTPLESS authentication capabilities using our SDK.

Headless

Prevent fraud, detect bots, and deliver seamless experiences with reliable browser fingerprinting.

Secure

Harness the power of OTPLESS with your React applications to streamline user authentication. This SDK is designed to integrate seamlessly with React, offering both pre-built components and headless functionality for custom UI implementations.

Harness the power of OTPLESS with your Angular applications to streamline user authentication. This SDK is designed to integrate seamlessly with Angular, offering both pre-built components and headless functionality for custom UI implementations.

Explore the OTPLESS VU SDK to seamlessly integrate various authentication methods into your applications. This SDK allows you to leverage pre-built UI components or create your own custom interfaces.

Explore the OTPLESS Flutter Web SDK to seamlessly integrate various authentication methods into your applications. This SDK allows you to leverage pre-built UI components or create your own custom interfaces.

Explore the OTPLESS Android SDK to seamlessly integrate various authentication methods into your applications. This SDK allows you to leverage pre-built UI components or create your own custom interfaces.

Explore the OTPLESS iOS SDK to seamlessly integrate various authentication methods into your applications. This SDK allows you to leverage pre-built UI components or create your own custom interfaces.

Explore the OTPLESS Flutter SDK to seamlessly integrate various authentication methods into your applications. This SDK allows you to leverage pre-built UI components or create your own custom interfaces.

Utilize our Headless SDK for ultimate flexibility. This guide provides detailed instructions on integrating custom UI elements with OTPLESS's backend authentication functions.

Explore the OTPLESS React Native SDK to seamlessly integrate various authentication methods into your applications. This SDK allows you to leverage pre-built UI components or create your own custom interfaces.

Explore the OTPLESS Ionic SDK to seamlessly integrate various authentication methods into your applications. This SDK allows you to leverage pre-built UI components or create your own custom interfaces.

API Documentation

Sign In APIs

Messaging

Session Management APIs

Verify Frontend SDK token

Validate User Session

Authorizations

Body

Response